#include <afs/stds.h>
#include <roken.h>
+#ifdef AFS_PTHREAD_ENV
+# include <opr/softsig.h>
+#endif
#ifdef AFS_NT40_ENV
#include <WINNT/afsevent.h>
#include "vlserver.h"
#include "vlserver_internal.h"
-#define MAXLWP 16
+#define MAXLWP 64
struct afsconf_dir *vldb_confdir = 0; /* vldb configuration dir */
int lwps = 9;
afs_uint32 wr_HostAddress[MAXSERVERID + 1];
static void *CheckSignal(void*);
-int LogLevel = 0;
int smallMem = 0;
+int restrictedQueryLevel = RESTRICTED_QUERY_ANYUSER;
int rxJumbograms = 0; /* default is to not send and receive jumbo grams */
int rxMaxMTU = -1;
afs_int32 rxBind = 0;
code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell);
if (code) {
- ViceLog(0,
+ VLog(0,
("Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n",
code, name, inst, cell));
}
OPT_database,
OPT_logfile,
OPT_threads,
+#ifdef HAVE_SYSLOG
OPT_syslog,
+#endif
OPT_peer,
OPT_process,
OPT_nojumbo,
OPT_rxbind,
OPT_rxmaxmtu,
OPT_trace,
- OPT_dotted
+ OPT_dotted,
+ OPT_restricted_query,
+ OPT_transarc_logs,
+ OPT_s2s_crypt
};
int
char hostname[VL_MAXNAMELEN];
int noAuth = 0;
char clones[MAXHOSTSPERCELL];
+ char hoststr[16];
afs_uint32 host = ntohl(INADDR_ANY);
struct cmd_syndesc *opts;
+ struct logOptions logopts;
+ int s2s_rxgk = 0;
char *vl_dbaseName;
char *configDir;
- char *logFile;
char *auditFileName = NULL;
char *interface = NULL;
char *optstring = NULL;
+ char *s2s_crypt_behavior = NULL;
+
+ char *restricted_query_parameter = NULL;
#ifdef AFS_AIX32_ENV
/*
#endif
osi_audit_init();
+ memset(&logopts, 0, sizeof(logopts));
+
/* Initialize dirpaths */
if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
vl_dbaseName = strdup(AFSDIR_SERVER_VLDB_FILEPATH);
configDir = strdup(AFSDIR_SERVER_ETC_DIRPATH);
- logFile = strdup(AFSDIR_SERVER_VLOG_FILEPATH);
cmd_DisableAbbreviations();
cmd_DisablePositionalCommands();
- opts = cmd_CreateSyntax(NULL, NULL, NULL, NULL);
+ opts = cmd_CreateSyntax(NULL, NULL, NULL, 0, NULL);
/* vlserver specific options */
cmd_AddParmAtOffset(opts, OPT_noauth, "-noauth", CMD_FLAG,
CMD_OPTIONAL, "location of logfile");
cmd_AddParmAtOffset(opts, OPT_threads, "-p", CMD_SINGLE, CMD_OPTIONAL,
"number of threads");
-#if !defined(AFS_NT40_ENV)
+#ifdef HAVE_SYSLOG
cmd_AddParmAtOffset(opts, OPT_syslog, "-syslog", CMD_SINGLE_OR_FLAG,
CMD_OPTIONAL, "log to syslog");
#endif
+ cmd_AddParmAtOffset(opts, OPT_transarc_logs, "-transarc-logs", CMD_FLAG,
+ CMD_OPTIONAL, "enable Transarc style logging");
/* rx options */
cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG,
- CMD_OPTIONAL, "enable RX transport statistics");
+ CMD_OPTIONAL, "enable RX RPC statistics by peer");
cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG,
CMD_OPTIONAL, "enable RX RPC statistics");
cmd_AddParmAtOffset(opts, OPT_nojumbo, "-nojumbo", CMD_FLAG,
CMD_OPTIONAL, "maximum MTU for RX");
cmd_AddParmAtOffset(opts, OPT_trace, "-trace", CMD_SINGLE,
CMD_OPTIONAL, "rx trace file");
+ cmd_AddParmAtOffset(opts, OPT_restricted_query, "-restricted_query",
+ CMD_SINGLE, CMD_OPTIONAL, "anyuser | admin");
+
/* rxkad options */
cmd_AddParmAtOffset(opts, OPT_dotted, "-allow-dotted-principals",
CMD_FLAG, CMD_OPTIONAL,
"permit Kerberos 5 principals with dots");
+ /* rxgk options */
+ cmd_AddParmAtOffset(opts, OPT_s2s_crypt, "-s2scrypt", CMD_SINGLE,
+ CMD_OPTIONAL,
+ "rxgk-crypt | never");
+
code = cmd_Parse(argc, argv, &opts);
+ if (code == CMD_HELP) {
+ exit(0);
+ }
if (code)
return -1;
+ cmd_OptionAsString(opts, OPT_config, &configDir);
+
+ cmd_OpenConfigFile(AFSDIR_SERVER_CONFIG_FILE_FILEPATH);
+ cmd_SetCommandName("vlserver");
+
/* vlserver options */
cmd_OptionAsFlag(opts, OPT_noauth, &noAuth);
cmd_OptionAsFlag(opts, OPT_smallmem, &smallMem);
free(interface);
}
- cmd_OptionAsString(opts, OPT_config, &configDir);
- cmd_OptionAsInt(opts, OPT_debug, &LogLevel);
cmd_OptionAsString(opts, OPT_database, &vl_dbaseName);
- cmd_OptionAsString(opts, OPT_logfile, &logFile);
if (cmd_OptionAsInt(opts, OPT_threads, &lwps) == 0) {
if (lwps > MAXLWP) {
lwps = MAXLWP;
}
}
-#ifndef AFS_NT40_ENV
+
+ cmd_OptionAsInt(opts, OPT_debug, &logopts.lopt_logLevel);
+#ifdef HAVE_SYSLOG
if (cmd_OptionPresent(opts, OPT_syslog)) {
- serverLogSyslog = 1;
- cmd_OptionAsInt(opts, OPT_syslog, &serverLogSyslogFacility);
- }
+ if (cmd_OptionPresent(opts, OPT_logfile)) {
+ fprintf(stderr, "Invalid options: -syslog and -logfile are exclusive.\n");
+ return -1;
+ }
+ if (cmd_OptionPresent(opts, OPT_transarc_logs)) {
+ fprintf(stderr, "Invalid options: -syslog and -transarc-logs are exclusive.\n");
+ return -1;
+ }
+
+ logopts.lopt_dest = logDest_syslog;
+ logopts.lopt_facility = LOG_DAEMON; /* default value */
+ logopts.lopt_tag = "vlserver";
+ cmd_OptionAsInt(opts, OPT_syslog, &logopts.lopt_facility);
+ } else
#endif
+ {
+ logopts.lopt_dest = logDest_file;
+ if (cmd_OptionPresent(opts, OPT_transarc_logs)) {
+ logopts.lopt_rotateOnOpen = 1;
+ logopts.lopt_rotateStyle = logRotate_old;
+ }
+ if (cmd_OptionPresent(opts, OPT_logfile))
+ cmd_OptionAsString(opts, OPT_logfile, (char**)&logopts.lopt_filename);
+ else
+ logopts.lopt_filename = AFSDIR_SERVER_VLOG_FILEPATH;
+ }
+
/* rx options */
if (cmd_OptionPresent(opts, OPT_peer))
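Review bot: The `-logfile` branch writes through `(char**)&logopts.lopt_filename` and ignores the result of `cmd_OptionAsString`. The cast suggests `lopt_filename` is const-qualified (not visible here), so the field ends up holding either a heap string or the static `AFSDIR_SERVER_VLOG_FILEPATH` with nothing to tell them apart. If the call fails, the field keeps the NULL left by the earlier `memset` while `lopt_dest` is already `logDest_file`. I would keep a local `char *logFile = NULL;` and assign only on success: `if (cmd_OptionAsString(opts, OPT_logfile, &logFile) == 0) logopts.lopt_filename = logFile;`, falling back to the default path otherwise. The enclosing function starts and ends outside this hunk.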
/* rxkad options */
cmd_OptionAsFlag(opts, OPT_dotted, &rxkadDisableDotCheck);
+ /* restricted query */
+ if (cmd_OptionAsString(opts, OPT_restricted_query,
+ &restricted_query_parameter) == 0) {
+ if (strcmp(restricted_query_parameter, "anyuser") == 0)
+ restrictedQueryLevel = RESTRICTED_QUERY_ANYUSER;
+ else if (strcmp(restricted_query_parameter, "admin") == 0)
+ restrictedQueryLevel = RESTRICTED_QUERY_ADMIN;
+ else {
+ printf("invalid argument for -restricted_query: %s\n",
+ restricted_query_parameter);
+ return -1;
+ }
+ free(restricted_query_parameter);
+ }
+
+ /* rxgk options */
+ if (cmd_OptionAsString(opts, OPT_s2s_crypt, &s2s_crypt_behavior) == 0) {
+ if (strcmp(s2s_crypt_behavior, "never") == 0) {
+ /* noop; this is the default */
+ } else if (strcmp(s2s_crypt_behavior, "rxgk-crypt") == 0) {
+ s2s_rxgk = 1;
+ } else {
+ printf("Invalid argument for -s2scrypt: %s\n", s2s_crypt_behavior);
+ return -1;
+ }
+ free(s2s_crypt_behavior);
+ s2s_crypt_behavior = NULL;
+ }
+
if (auditFileName) {
osi_audit_file(auditFileName);
}
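Review bot: The rejection paths for `-restricted_query` and `-s2scrypt` report with `printf` to stdout and return before the parsed string is freed, while the `-syslog` conflict checks earlier in the same function use `fprintf(stderr, ...)`. Both run before `OpenLog`, so stderr is the only place an operator will see why an access-control or encryption option was refused. I would write `fprintf(stderr, "invalid argument for -restricted_query: %s\n", restricted_query_parameter);` (and likewise for `-s2scrypt`) and free the string before `return -1`. The `-restricted_query` success path also leaves the freed pointer set, unlike `s2s_crypt_behavior = NULL;` just below it. The enclosing function starts and ends outside this hunk.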
-#ifndef AFS_NT40_ENV
- serverLogSyslogTag = "vlserver";
-#endif
- OpenLog(logFile); /* set up logging */
+ OpenLog(&logopts);
+#ifdef AFS_PTHREAD_ENV
+ opr_softsig_Init();
+ SetupLogSoftSignals();
+#else
SetupLogSignals();
+#endif
tdir = afsconf_Open(configDir);
if (!tdir) {
- printf
+ VLog(0,
("vlserver: can't open configuration files in dir %s, giving up.\n",
- configDir);
+ configDir));
exit(1);
}
/* initialize audit user check */
- osi_audit_set_user_check(configDir, vldb_IsLocalRealmMatch);
+ osi_audit_set_user_check(tdir, vldb_IsLocalRealmMatch);
#ifdef AFS_NT40_ENV
/* initialize winsock */
if (afs_winsockInit() < 0) {
ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
- fprintf(stderr, "vlserver: couldn't initialize winsock. \n");
+ VLog(0, ("vlserver: couldn't initialize winsock. \n"));
exit(1);
}
#endif
gethostname(hostname, sizeof(hostname));
th = gethostbyname(hostname);
if (!th) {
- printf("vlserver: couldn't get address of this host (%s).\n",
- hostname);
+ VLog(0, ("vlserver: couldn't get address of this host (%s).\n",
+ hostname));
exit(1);
}
memcpy(&myHost, th->h_addr, sizeof(afs_uint32));
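Review bot: `OpenLog(&logopts);` discards its result, yet every start-up failure after it (`afsconf_Open`, winsock init, `gethostbyname`) now reports only through `VLog` where it used to print to stdout or stderr. If the log file or syslog destination cannot be opened, the server would then `exit(1)` with no diagnostic anywhere. Assuming `OpenLog` signals failure with a non-zero return, I would check it while stderr is still the reporting channel: `if (OpenLog(&logopts) != 0) { fprintf(stderr, "vlserver: unable to open log\n"); exit(1); }`. The enclosing function starts and ends outside this hunk.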
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
- ccode = parseNetFiles(SHostAddrs, NULL, NULL,
- ADDRSPERSITE, reason,
- AFSDIR_SERVER_NETINFO_FILEPATH,
- AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
+ ADDRSPERSITE, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
#endif
{
}
if (ccode == 1) {
host = SHostAddrs[0];
- rx_InitHost(host, htons(AFSCONF_VLDBPORT));
}
}
+ if (!rxJumbograms) {
+ rx_SetNoJumbo();
+ }
+ if (rxMaxMTU != -1) {
+ if (rx_SetMaxMTU(rxMaxMTU) != 0) {
+ VLog(0, ("rxMaxMTU %d invalid\n", rxMaxMTU));
+ return -1;
+ }
+ }
+
+ VLog(0, ("vlserver binding rx to %s:%d\n",
+ afs_inet_ntoa_r(host, hoststr), AFSCONF_VLDBPORT));
+ code = rx_InitHost(host, htons(AFSCONF_VLDBPORT));
+ if (code < 0) {
+ VLog(0, ("vlserver: Rx init failed: %d\n", code));
+ exit(1);
+ }
+ rx_SetRxDeadTime(50);
+
ubik_nBuffers = 512;
- ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir);
+ if (s2s_rxgk) {
+ ubik_SetClientSecurityProcs(afsconf_ClientAuthRXGKCrypt,
+ afsconf_UpToDate, tdir);
+ } else {
+ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir);
+ }
ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
afsconf_CheckAuth, tdir);
ubik_ServerInitByInfo(myHost, htons(AFSCONF_VLDBPORT), &info, clones,
vl_dbaseName, &VL_dbase);
if (code) {
- printf("vlserver: Ubik init failed: %s\n", afs_error_message(code));
+ VLog(0, ("vlserver: Ubik init failed: %s\n", afs_error_message(code)));
exit(2);
}
- if (!rxJumbograms) {
- rx_SetNoJumbo();
- }
- if (rxMaxMTU != -1) {
- if (rx_SetMaxMTU(rxMaxMTU) != 0) {
- printf("rxMaxMTU %d invalid\n", rxMaxMTU);
- return -1;
- }
- }
- rx_SetRxDeadTime(50);
memset(rd_HostAddress, 0, sizeof(rd_HostAddress));
memset(wr_HostAddress, 0, sizeof(wr_HostAddress));
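Review bot: Nothing records which client security procedure the `if (s2s_rxgk)` branch selected. An operator therefore cannot confirm from the log whether server-to-server ubik connections use `afsconf_ClientAuthRXGKCrypt` or stay on `afsconf_ClientAuth`, which is what the default `-s2scrypt never` keeps. I would add one line after the branch: `VLog(0, ("vlserver: server-to-server crypt mode: %s\n", s2s_rxgk ? "rxgk-crypt" : "never"));`. In the same hunk the moved `rx_SetMaxMTU` failure still uses `return -1` while the new `rx_InitHost` failure next to it calls `exit(1)`; one convention for fatal start-up errors would be easier to monitor.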
securityClasses, numClasses,
VL_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
- printf("vlserver: Could not create VLDB_SERVICE rx service\n");
+ VLog(0, ("vlserver: Could not create VLDB_SERVICE rx service\n"));
exit(3);
}
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, lwps);
if (rxkadDisableDotCheck) {
- rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
- (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
+ code = rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
+ (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
+ if (code) {
+ VLog(0, ("vlserver: failed to allow dotted principals: %s\n",
+ afs_error_message(code)));
+ exit(2);
+ }
}
tservice =
securityClasses, numClasses,
RXSTATS_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
- printf("vlserver: Could not create rpc stats rx service\n");
+ VLog(0, ("vlserver: Could not create rpc stats rx service\n"));
exit(3);
}
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, 4);
LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog);
- printf("%s\n", cml_version_number); /* Goes to the log */
+ if (afsconf_CountKeys(tdir) == 0) {
+ VLog(0, ("WARNING: No encryption keys found! "
+ "All authenticated accesses will fail."
+ "Run akeyconvert or asetkey to import encryption keys.\n"));
+ } else if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+ LogDesWarning();
+ }
+ VLog(0, ("%s\n", cml_version_number));
/* allow super users to manage RX statistics */
rx_SetRxStatUserOk(vldb_rxstat_userok);
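Review bot: The no-keys warning after `afsconf_CountKeys(tdir) == 0` concatenates `"All authenticated accesses will fail."` directly with `"Run akeyconvert or asetkey ..."`, so the log shows `fail.Run akeyconvert`. The middle literal needs a trailing space: `"All authenticated accesses will fail. "`. This is the one message telling an operator that the server is running without usable keys, so it should read cleanly and stay easy to match in log alerting.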